A standard Ubuntu install should not activate network services that are accessible via the internet.
You can check via (for tcp):
netstat -lntp
Similarly for UDP, but UDP does not distinguish between ports opened for listening or sending.
Thus, an iptables configuration is not necessary.
A bit off-topic perhaps, since the following concerns you in any case (it does not matter if you are behind a router):
- consider disabling Flash (since the Flash plugin has a big history of hilarious security problems)
- consider disabling the Java plugin (if enabled) and enabling it only for certain sites (not as many security-related problems in the past as Flash, but a few)
And, sure, you probably know that, but anyway: always work as a normal user as far as possible. Don't use Firefox etc. as root ...
An example netstat -lntp output:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 935/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1811/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1755/exim4
tcp6 0 0 :::22 :::* LISTEN 935/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1811/cupsd
The 127.0.0.1 entries are harmless, because those programs only listen on the local network interface.
sshd is an example of a service that listens on all available interfaces (0.0.0.0, i.e. including the one the cable internet modem is connected to) - but usually you have good passwords or disable password authentication and only use public-key.
Anyways, IIRC sshd is not installed by default.
The last two entries regard IPv6. ::1 is the address of the loopback device (like 127.0.0.1 in IPv4), thus safe. ::: is the IPv6 wildcard for all network interfaces, analogous to 0.0.0.0 (IPv4).
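The check described in this answer (which listeners are bound to a loopback address and which to a wildcard) can be automated. The script below is an added example, not part of the original answer: it parses netstat -lntp output on stdin and prints only the LISTEN sockets whose local address is not 127.x or ::1. The embedded sample is constructed to mirror the output quoted above; the function and variable names are my own.

```shell
#!/bin/sh
# Constructed sample: a copy of the netstat -lntp output quoted in the answer.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 935/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1811/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1755/exim4
tcp6 0 0 :::22 :::* LISTEN 935/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1811/cupsd'

# Read netstat -lntp output on stdin and print "proto local_address program"
# for every LISTEN socket that is NOT bound to a loopback address.
# Loopback is 127.0.0.0/8 (IPv4) or ::1 (IPv6); anything else, including the
# 0.0.0.0 and :: wildcards, is reachable from at least one real interface.
exposed_listeners() {
  awk '$6 == "LISTEN" {
    addr = $4
    sub(/:[0-9]+$/, "", addr)          # drop the trailing ":port"
    if (addr == "::1" || addr ~ /^127\./) next
    print $1, $4, $7
  }'
}

# Run the check on the constructed sample (used by the demo and the test).
check_sample() {
  printf '%s\n' "$SAMPLE" | exposed_listeners
}

# With --live, inspect the running system instead (needs net-tools installed).
if [ "${1:-}" = "--live" ]; then
  netstat -lntp 2>/dev/null | exposed_listeners
else
  check_sample
fi
```

On the sample this prints two lines, both for sshd (0.0.0.0:22 and :::22); cupsd and exim4 are dropped because they only listen on loopback. On newer Ubuntu releases netstat is not installed by default; `ss -lntp` gives equivalent information but with a different column layout, so the awk field numbers would need adjusting.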
You can do this over Empathy's backend (telepathy) through another application called ssh-contact.
I haven't used it personally, but it seems to me like a good way of getting two novices to SSH into each other.
Of course another method would be to have them SSH to you (I assume you're competent enough to manage your port forwarding) and forward a port back to a ssh server on their machine.
Get them to run:
ssh -R 48724:localhost:22 your_username@your_ip
You obviously might not want them logging in as your user so you could create another user and have that just for SSHing. There obviously has to be a modicum of trust between you and the other user.
And then you run:
ssh -p 48724 their_username@localhost
I'm using a high port so root privileges aren't required.
Of course, they'll need openssh-server installed for you to connect, but that's a simple sudo apt-get install openssh-server
Best Answer
There was a similar problem that struck me after reading this question here on AskUbuntu and checking my VPS, only to see a bazillion of brute force attempts. That is when I decided to take action.
Now according to the question I linked to, if you would like to see failed login attempts on your machine over ssh (could be brute force attempts or anything), try typing this:
If the output consists of multiple lines, that is, many brute-force attempts, especially if they happened at short intervals, you might want to take the following actions:
Change the ssh configuration file
To do this, open the file located at /etc/ssh/sshd_config with your favourite editor, like this:
vim /etc/ssh/sshd_config
1. Try to move ssh from port 22: Now locate the line that reads:
and comment out Port 22, and use any one you might like. Example:
Please remember that ports below 1024 need special (root) permission.
I do not know how this could interfere with it, but I am just saying.
2. Disable root logins via ssh: Since the root username is predictable and provides complete access to your system, providing unfettered access to this account over SSH is unwise. Locate the line reading PermitRootLogin and set it to no.
3. Disable password authentication: Generate and use SSH keys to log into your system. Without passwords enabled, attackers will need to guess (or steal) your SSH private key in order to gain access to your server. Something that is very, very difficult. Proceed to find the line that reads PasswordAuthentication and set it to no.
!WARNING! Before doing so, please consult this guide over here on how to set up certificate authentication.
NOTE: After you have made the changes, use
sudo /etc/init.d/ssh restart
To connect to another port via ssh use:
ssh username@hostname.com -p <port_number>
Setup a firewall
Please check out this guide on how to set up the extremely powerful and effective firewall, which is integrated into Linux, IPTables.
Setup scripts to help you with security
One that I use personally and quickly comes to mind is Fail2Ban. Fail2ban will monitor your log files for failed login attempts. After an IP address has exceeded the maximum number of authentication attempts, it will be blocked at the network level and the event will be logged in /var/log/fail2ban.log. To install it:
sudo apt-get install fail2ban
Check command history via ssh
There is a Linux command named history, which allows you to see which commands have been input up until that point. Try typing history in a terminal to see all commands up to that point. It could help if you were root. To search for a particular command try:
history | grep command-name
To list all commands after ssh:
fc -l ssh
You can also edit commands using vi (haven't tried it with vim, though I assume it works as well):
fc -e vi
You can also delete the history:
history -c
NOTE: If you are not a fan of the command history, there is also a file in your home directory (cd ~), called .bash_history (if you are using bash), that you can cat to see all that has been typed in the bash shell.